Warning to customers with new WD hard drives

Newer WD External drives come with password protection and 256-Bit encryption as standard. Even if a password is not set the encryption is still applied to the data written to the drive. The 256-Bit encryption is controlled by ROM on the USB controller. On portable USB powered hard drives the encrypted ROM is on the actual hard drive. On external desktop drives the ROM is on the interface controller within the external case.

Make sure you keep hold of the external case the hard drive was in. Although not always needed, it could be important later on. If you’ve lost data, have a look at our Western Digital Data Recovery service.

5 Replies to “Warning to customers with new WD hard drives”

I have seen such ‘encryption-schemes’ on USB flash-drives and it’s a big joke : The ONLY thing that password does is prevent mounting of the storage-area until entered,
as specified in the ATA-security extensions .

Martin, I will clarify how these disks work. The external hard drives contain a regular SATA hard disk and a small electronic interface board with USB / eSATA connections. If you buy one of these drives and use it straight from the box, the data is encrypted on-disk by the external controller electronics (USB/eSATA interface card etc). The encryption key is stored on the external disk controller board, not the hard disk PCB. If you disassemble the external case, and attach the SATA disk to a SATA port on a PC, the data will be unreadable due to the encryption. The disk is not ATA locked, and every sector is readable, but cannot be deciphered due to the encryption. If you re-attach the hard disk to the interface board and connect to the PC using USB, the data will be readable straight away, as the disk gets decrypted on the fly by the interface board.

If, instead of using the disk straight from the box you decided to set a user-password for the encryption, the data will instead be encrypted using that key. (or at least a key generated from the password.) If you disassemble the external case again, and attach the hard drive to a SATA port, the disk is still not ATA locked. The sectors are still accessible and the data is still not readable. The difference is that it now uses a user-generated key. If you re-attach the hard disk to the interface board and connect to the PC using USB, instead of decrypting on the fly, the software will prompt for the user-password. This is using proprietary WD software and nothing to do with ATA passwords or the ATA spec.

In essence the default encryption is certainly not provided for reasons of security. (The user-generated code should be fine, unless there are known backdoors.) We could think of two possible reasons for default encryption. Either to make fast erasure extremely quick – simply creating new encryption keys would render all previous data unreadable. Or, to prevent people swapping the disks between different cases.

This information has been gathered over many years, over many hundreds of disks. Please let me know if this makes things any clearer.

Actually the user-set password is encryption too. But the data is encrypted by default even if you don’t set a password. It seems strange as the data is automatically decrypted when read anyway, so not really protecting you at all unless you set a user-password. Basically the encryption is just tying the bare hard drive to the USB interface.

If the data is encrypted no matter if you set a password or not, then clearly the password has nothing to do with the actual encryption-key, the encryption-key must already be on the device and is NOT set by the user .

It’s a pretty big deal, if you have not generated the key yourself there is absolutely NO guarantee that it is secret or even unique . For all we know, they could be re-using the same key over and over ?

Important Links

Advice

Stop using the hard drive as soon as possible. If the problem is getting worse then you may eventually lose access completely.

Don't download ANYTHING to the disk. It could write over the files you're trying to recover.

Don't try to scan, repair or fix any errors unless you have backups of the data. A failed repair process can damage the files beyond recovery.

Don't re-install or restore the computer unless you have backups of the data already. It may get the machine running again, but only in a factory-fresh way. Your data will be lost.

If you manage to access your files at any point, make a copy to another drive as soon as you can. It may be a fluke, and could be the last time you see the files. Don't reboot expecting to see them again.

If the files you need are really important then you should consider getting the disk professionally recovered. We've spent years making our process as safe as possible to maximise our chances of success.

If you decide to try your own recovery, keep a close watch on the time estimates. If the time keeps incrementing up it could be a sign of disk trouble. Failure to deal with that could cause the drive to fail completely, and beyond repair. A hard drive shouldn't take longer than a few hours to extract.